Privacy and Security—Who Cares?

Alot has been written about the TJX Cos. Inc.’s data breach since it was first announced back in January. Its infamy has only grown as more details have emerged, making Framingham, Mass.-based TJX’s misfortune the most talked about story of its kind to date. And with the Federal Trade Commission announcing its investigative launch in March, there is no question we’ll be learning more soon.

However, as pundits and observers blast away at the retailer for “gross negligence,” “less-than-forthcoming honesty” and my personal favorite, “indifference due to lack of ensuing fiduciary loss,” (we’ll see about that when the FTC is done) I have to wonder what the incident has meant to the customer? And what customers are we talking about? Is there a generational gap dividing shoppers’ reactions?

It may shock many to learn what generations Y and Z think of privacy and security. As parents, you’ve likely heard that you legally cannot access information in your child’s Facebook account—not even in the face of an impending threat from a cyberpredator. This fear has been heightened by many adults’ belief that teens don’t care about privacy and/or have enough experience to realize the harm of turning private content into public domain.

But this is simply no longer true, and the youth culture’s once-cavalier attitude has been consistently changing as it learns that employers, law enforcement and college admissions offices routinely review young people’s online content. As more education arises—particularly in the number of colleges and universities utilizing social networks to scan applicants—many have begun to exercise far more caution in what they post to sites such as Myspace.com.

As it relates to retail, today I happened to notice that several of the interns we have here at RSAG were returning from their lunch break with shopping bags from Marshalls. I simply had to ask how they paid. Though the answer of “credit card” didn’t surprise me, the rationale certainly did.

It turns out one of these young ladies was just reissued a brand-new replacement card from her providing bank—though she reached out to no one—due to the TJX breach. Her mother was reissued one as well.

She informed me that she uses her new card, just as she did the old one—simply out of necessity. However, unlike her mother, she frequently checks her balance online, inspecting her purchase history weekly for any suspicious activity.

By way of comparison, Mom now uses the new card only at “trusted” retailers. Yet, during a vacation last week in Florida, Mom’s card was rejected at a very well-known big-box retailer. When Mom called her card company to determine why, she was told that transactions at all Florida locations of this chain were being proactively denied, due to issues of data theft.

Interesting? I thought so, particularly since this is a retailer that has yet to make any headlines pertaining to data-security issues.

In the end, what struck me most was the dichotomy of mother and daughter’s reaction: Each was attempting to exercise “safer” behavior having been affected firsthand by the TJX breach.

And though the older generation may think of itself as more privacy-sensitive and security-minded, note that the “careful” party was only protected by an outside source. These “reckless” youths are educated, cognizant, and proactively taking steps to protect themselves.

Perhaps the younger generation is more privacy- and security-savvy than previously believed. And they do love to shop.